|
2014-05-19
|
|
Softmatica SMART iPBX - Multiple SQL Injections
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-05-19
|
|
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-05-16
|
|
CIS Manager - 'email' SQL Injection
|
26 |
WEB
|
Edge
|
|
2016-01-06
|
|
MediaAccess TG788vn - File Disclosure
|
26 |
WEB
|
0x4148
|
|
2014-05-08
|
|
CMS Touch - 'news.php?News_ID' SQL Injection
|
20 |
WEB
|
indoushka
|
|
2014-05-08
|
|
CMS Touch - 'pages.php?Page_ID' SQL Injection
|
21 |
WEB
|
indoushka
|
|
2014-05-08
|
|
TOA - Cross-Site Request Forgery
|
27 |
WEB
|
High-Tech Bridge
|
|
2014-05-07
|
|
Caldera - '/costview2/printers.php?tr' SQL Injection
|
27 |
WEB
|
Thomas Fischer
|
|
2014-05-07
|
|
Caldera - '/costview2/jobs.php?tr' SQL Injection
|
27 |
WEB
|
Thomas Fischer
|
|
2014-05-05
|
|
PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection
|
19 |
WEB
|
indoushka
|
|
2016-01-05
|
|
PHPIPAM 1.1.010 - Multiple Vulnerabilities
|
22 |
WEB
|
Mickael Dorigny
|
|
2016-01-05
|
|
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
|
27 |
WEB
|
Sebastian Perez
|
|
2016-01-05
|
|
Simple PHP Polling System - Multiple Vulnerabilities
|
21 |
WEB
|
WICS
|
|
2016-01-05
|
|
Online Airline Booking System - Multiple Vulnerabilities
|
24 |
WEB
|
Manish Tanwar
|
|
2014-04-06
|
|
Puntopy - 'novedad.php' SQL Injection
|
23 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-04-02
|
|
ZamFoo - Multiple Remote Command Execution Vulnerabilities
|
27 |
WEB
|
Al-Shabaab
|
|
2014-04-22
|
|
iDevAffiliate - 'idevads.php' SQL Injection
|
28 |
WEB
|
Robert Cooper
|
|
2016-01-02
|
|
Open Audit - SQL Injection
|
30 |
WEB
|
Rahul Pratap Singh
|
|
2014-04-14
|
|
Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection
|
24 |
WEB
|
Daniel Godoy
|
|
2014-04-14
|
|
Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution
|
20 |
WEB
|
Jan Kadijk
|
|
2014-04-14
|
|
Xangati - '/servlet/Installer?file' Directory Traversal
|
18 |
WEB
|
Jan Kadijk
|
|
2014-04-14
|
|
Xangati - '/servlet/MGConfigData' Multiple Directory Traversals
|
21 |
WEB
|
Jan Kadijk
|
|
2014-04-09
|
|
eazyCMS - 'index.php' SQL Injection
|
19 |
WEB
|
Renzi
|
|
2014-04-08
|
|
Joomla! Component Inneradmission - 'index.php' SQL Injection
|
23 |
WEB
|
Lazmania61
|
|
2014-04-05
|
|
PHPFox - Access Control Security Bypass
|
22 |
WEB
|
Wesley Henrique
|
|
2014-03-31
|
|
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
|
23 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-24
|
|
Symphony 2.2.4 - Cross-Site Request Forgery
|
23 |
WEB
|
High-Tech Bridge
|
|
2014-03-23
|
|
WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload
|
21 |
WEB
|
CaFc Versace
|
|
2015-12-30
|
|
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
|
23 |
WEB
|
Kacper Szurek
|
|
2014-03-26
|
|
Beheer Systeem - 'pbs.cgi' Remote Command Execution
|
19 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-26
|
|
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
|
20 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-25
|
|
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
|
19 |
WEB
|
Gjoko Krstic
|
|
2014-02-21
|
|
Jorjweb - 'id' SQL Injection
|
20 |
WEB
|
Vulnerability Laboratory
|
|
2014-03-21
|
|
innoEDIT - 'innoedit.cgi' Remote Command Execution
|
21 |
WEB
|
Felipe Andrian Peixoto
|
|
2014-03-19
|
|
BigACE 2.7.5 - 'LANGUAGE' Directory Traversal
|
23 |
WEB
|
Hossein Hezami
|
|
2014-03-10
|
|
MeiuPic 2.1.2 - 'ctl' Local File Inclusion
|
16 |
WEB
|
Dr.3v1l
|
|
2014-03-17
|
|
osCMax 2.5 - Cross-Site Request Forgery
|
23 |
WEB
|
TUNISIAN CYBER
|
|
2014-03-15
|
|
OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
|
24 |
WEB
|
Mahmoud Ghorbanzadeh
|
|
2014-03-19
|
|
GNUBoard 4.3x - 'ajax.autosave.php' Multiple SQL Injections
|
20 |
WEB
|
Claepo Wang
|
|
2014-03-08
|
|
Professional Designer E-Store - 'id' Multiple SQL Injections
|
25 |
WEB
|
Nawaf Alkeraithe
|
|
2014-03-06
|
|
WordPress Plugin Premium Gallery Manager - Arbitrary File Upload
|
18 |
WEB
|
eX-Sh1Ne
|
|
2014-03-05
|
|
Cory Jobs Search - 'cid' SQL Injection
|
18 |
WEB
|
Slotleet
|
|
2014-03-04
|
|
WordPress Plugin Relevanssi - 'category_name' SQL Injection
|
24 |
WEB
|
anonymous
|
|
2014-02-26
|
|
POSH 3.1.x - 'addtoapplication.php' SQL Injection
|
16 |
WEB
|
Anthony BAUBE
|
|
2014-02-22
|
|
ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
|
21 |
WEB
|
HauntIT
|
|
2014-02-22
|
|
eshtery CMS - 'FileManager.aspx' Local File Disclosure
|
20 |
WEB
|
peng.deng
|
|
2014-02-18
|
|
MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload
|
21 |
WEB
|
TUNISIAN CYBER
|
|
2014-02-19
|
|
WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal
|
28 |
WEB
|
Tom Adams
|
|
2014-02-12
|
|
Rhino - Cross-Site Scripting / Password Reset
|
19 |
WEB
|
Slotleet
|
|
2014-02-17
|
|
Joomla! Component com_wire_immogest - 'index.php' SQL Injection
|
19 |
WEB
|
MR.XpR
|
|
2014-02-17
|
|
i-doit Pro - 'objID' SQL Injection
|
25 |
WEB
|
Stephan Rickauer
|
|
2015-12-24
|
|
Rips Scanner 0.5 - 'code.php' Local File Inclusion
|
21 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-12-24
|
|
Beezfud - Remote Code Execution
|
20 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-02-05
|
|
WordPress Theme Kiddo - Arbitrary File Upload
|
24 |
WEB
|
TUNISIAN CYBER
|
|
2013-12-13
|
|
Joomla! Component Projoom NovaSFH 3.0.2 - 'upload.php' Arbitrary File Upload
|
23 |
WEB
|
Yuri Kramarz
|
|
2014-02-05
|
|
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
|
19 |
WEB
|
TUNISIAN CYBER
|
|
2015-12-23
|
|
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
|
18 |
WEB
|
Curesec Research Team
|
|
2015-12-23
|
|
Arastta 1.1.5 - SQL Injection
|
19 |
WEB
|
Curesec Research Team
|
|
2015-12-23
|
|
Grawlix 1.0.3 - Cross-Site Request Forgery
|
20 |
WEB
|
Curesec Research Team
|
|
2015-12-23
|
|
Bigware Shop 2.3.01 - Multiple Local File Inclusions
|
16 |
WEB
|
bd0rk
|
|
2013-03-25
|
|
Atmail WebMail - 'INBOX.Trash?mailId' Reflected Cross-Site Scripting
|
19 |
WEB
|
Vicente Aguilera Diaz
|
|
2013-03-25
|
|
Atmail WebMail - 'searchResultsTab5?filter' Reflected Cross-Site Scripting
|
15 |
WEB
|
Vicente Aguilera Diaz
|
|
2013-03-25
|
|
Atmail WebMail - Message Attachment File Name Reflected Cross-Site Scripting
|
19 |
WEB
|
Vicente Aguilera Diaz
|
|
2014-01-22
|
|
Web Video Streamer - Multiple Vulnerabilities
|
18 |
WEB
|
Eric Sesterhenn
|
|
2015-12-21
|
|
Ovidentia Widgets 1.0.61 - Remote Command Execution
|
18 |
WEB
|
bd0rk
|
|
2015-12-21
|
|
Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion
|
18 |
WEB
|
bd0rk
|
|
2014-01-28
|
|
Eventum 2.3.4 - 'hostname' Remote Code Execution
|
21 |
WEB
|
High-Tech Bridge
|
|
2014-01-27
|
|
Eventum - Insecure File Permissions
|
19 |
WEB
|
High-Tech Bridge
|
|
2014-01-24
|
|
Maian Uploader 4.0 - Multiple Vulnerabilities
|
21 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
|
16 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
ZenPhoto - SQL Injection
|
18 |
WEB
|
KedAns-Dz
|
|
2014-01-24
|
|
XOS Shop - 'goto' SQL Injection
|
18 |
WEB
|
JoKeR_StEx
|
|
2014-01-18
|
|
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
|
20 |
WEB
|
Ashiyane Digital Security Team
|
|
2014-01-21
|
|
Imageview - 'upload.php' Arbitrary File Upload
|
19 |
WEB
|
TUNISIAN CYBER
|
|
2014-01-13
|
|
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections
|
20 |
WEB
|
Rohan Stelling
|
|
2015-12-18
|
|
pfSense 2.2.5 - Directory Traversal
|
18 |
WEB
|
R-73eN
|
|
2015-12-18
|
|
Ovidentia maillist Module 4.0 - Remote File Inclusion
|
18 |
WEB
|
bd0rk
|
|
2015-12-18
|
|
Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution
|
20 |
WEB
|
Andrew McNicol
|
|
2014-01-17
|
|
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
|
17 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
|
18 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-17
|
|
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
|
16 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-16
|
|
Joomla! Component Sexy polling 1.0.8 - 'answer_id' SQL Injection
|
17 |
WEB
|
High-Tech Bridge
|
|
2015-12-17
|
|
Zen Cart 1.5.4 - Local File Inclusion
|
21 |
WEB
|
High-Tech Bridge SA
|
|
2014-01-10
|
|
Joomla! Component Almond Classifieds - Arbitrary File Upload
|
19 |
WEB
|
DevilScreaM
|
|
2014-01-14
|
|
Atmail Webmail Server - Email Body HTML Injection
|
16 |
WEB
|
Zhao Liang
|
|
2014-01-08
|
|
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
|
17 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
UAEPD Shopping Script - 'news.php?id' SQL Injection
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-08
|
|
UAEPD Shopping Script - 'products.php' Multiple SQL Injections
|
21 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2015-12-16
|
|
Ovidentia NewsLetter Module 2.2 - 'admin.php' Remote File Inclusion
|
23 |
WEB
|
bd0rk
|
|
2015-12-15
|
|
ArticleSetup Article Script 1.00 - SQL Injection
|
24 |
WEB
|
Linux Zone Research Team
|
|
2015-12-15
|
|
Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions
|
20 |
WEB
|
bd0rk
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Di
|
26 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Ma
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2015-12-15
|
|
Tequila File Hosting 1.5 - Multiple Vulnerabilities
|
25 |
WEB
|
Ashiyane Digital Security Team
|
|
2015-12-15
|
|
Ovidentia absences Module 2.64 - Remote File Inclusion
|
19 |
WEB
|
bd0rk
|
|
2015-12-15
|
|
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
|
21 |
WEB
|
Sec-1
|
|
2015-12-14
|
|
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
|
24 |
WEB
|
High-Tech Bridge SA
|
|
2015-12-14
|
|
Bitrix bitrix.mpbuilder Module 1.0.10 - Local File Inclusion
|
24 |
WEB
|
High-Tech Bridge SA
|
|
2015-12-14
|
|
Polycom VVX-Series Business Media Phones - Directory Traversal
|
23 |
WEB
|
Jake Reynolds
|
|
2015-12-14
|
|
WordPress Plugin Admin Management Xtended 2.4.0 - Privilege escalation
|
33 |
WEB
|
Kacper Szurek
|
|
2015-12-14
|
|
ECommerceMajor - 'productdtl.php?prodid' SQL Injection
|
21 |
WEB
|
Rahul Pratap Singh
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Cre
|
22 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/Admin_change_Password.php' Cross-Site Request Forger
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/backup/backup_ray2.php' Database Backup Direct Reque
|
23 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_subjects.php?id' SQL Injection
|
25 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_school_names.php?id' SQL Injection
|
18 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/health_allergies.php?id' SQL Injection
|
23 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_titles.php?id' SQL Injection
|
18 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_relations.php?id' SQL Injection
|
21 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_generations.php?id' SQL Injection
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection
|
21 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_media_codes_1.php?id' SQL Injection
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_sgrades.php?id' SQL Injection
|
19 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_school_years.php?id' SQL Injection
|
20 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_terms.php?id' SQL Injection
|
25 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Command School Student Management System - '/sw/admin_grades.php?id' SQL Injection
|
23 |
WEB
|
AtT4CKxT3rR0r1ST
|
|
2014-01-07
|
|
Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload
|
21 |
WEB
|
TUNISIAN CYBER
|
|
2013-10-03
|
|
SPAMINA Cloud Email Firewall - Directory Traversal
|
24 |
WEB
|
Sisco Barrera
|
|
2015-12-12
|
|
GoAutoDial CE 3.3 - Multiple SQL Injections / Command Injection
|
25 |
WEB
|
R-73eN
|
|
2013-12-24
|
|
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
|
23 |
WEB
|
TUNISIAN CYBER
|
|
2013-12-30
|
|
WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal
|
23 |
WEB
|
Henri Salo
|
